
Huge Linux security flaw found

Posted: Mon Aug 23, 2010 11:24 am
by Red Squirrel
Time to patch up. :o

I could see MS pulling this off, but Linux?

http://blogs.techrepublic.com.com/opensour...760&tag=nl.e101



Security researcher Rafal Wojtczuk from Invisible Things Lab reported a Linux kernel vulnerability, which would allow any GUI application that could be compromised, such as a PDF viewer, to bypass Linux security and potentially take over the system. The flaw has been present since at least 2003, and according to LinuxPlanet, it first became known to developers and distros only in June. You can read the PDF report compiled by Wojtczuk here.

So far, though, only some progress has been made in closing the hole, known officially as CVE-2010-2240. Linux founder Linus Torvalds committed a patch for the issue on Friday, and Linux kernel developer Greg Kroah-Hartman that same day formally announced the 2.6.35.2 Linux kernel release, advising all users to update.

The problem, of course, is that just because the main kernel has been patched, doesn’t mean all the Linux versions of the kernel have been patched.

“Updated kernel packages for Fedora 12 and 13 will soon be available from the updates testing repositories, and will be released as stable after being tested,” Mark Cox, director of security response at Red Hat, told InternetNews.com. “Packages for Red Hat Enterprise Linux are being worked on and will be released as soon as they are complete.”

Although there are no reports of the flaw having been exploited (according to Mark Cox), be aware of the vulnerability and update your distros as needed, as soon as the patches are available.

Archived topic from Iceteks, old topic ID:5186, old post ID:39488